@typoworx-de opened this Issue on June 16th 2016

I just got a report forwarded from my Rootserver-ISP's abuse team regarding fraud / malware activity.

The E-Mail was generated from this page:
http://support.clean-mx.de/clean-mx/viruses.php?email=abuse@accelerated.de&response=alive

Content of the Mail about complained issues (shortened)

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

+--------------------------+---------+--------------+--------------+------------+--------------------------+
|date                      |id       |virusname     |ip            |domain      |Url                       |
+--------------------------+---------+--------------+--------------+------------+--------------------------+
|2016-06-15 09:25:52 CEST  |94707355 |cleanmx_phish |84.200.68.130 |typoworx.de |http://piwik.typoworx.de/ |
+--------------------------+---------+--------------+--------------+------------+--------------------------+

Note: also customer-pages including piwik.js for tracking are reported separately to me!

explanation of virusnames:
==========================
unknown_html_RFI_php    not yet detected by scanners as RFI, but pure php code for injection
unknown_html_RFI_perl   not yet detected by scanners as RFI, but pure perl code for injection
unknown_html_RFI_eval   not yet detected by scanners as RFI, but suspect javascript obfuscating evals
unknown_html_RFI    not yet detected by scanners as RFI, but trapped by our honeypots as remote-code-injection
unknown_html    not yet detected by scanners as RFI, but suspicious, may in rare cases be a false positive
...javascript.insert    Please pay attention for script code after 
unknown_exe    not yet detected by scanners as malware, but high risk!
all other names    malware name detected by scanners
==========================

Company contact / imprint in the E-Mail:

Gerhard W. Recher
(CTO)

net4sec UG (haftungsbeschraenkt)

Leitenweg 6
D-86929 Penzing

@tsteur commented on June 17th 2016 Owner

ping @mattab do you have any idea if there's something to do / that we can do?

@mattab commented on July 8th 2016 Owner

Hello,

Please consult with your technical team about what the problem is. It is not related to Piwik as far as we can see. Good luck.

This Issue was closed on July 8th 2016